This recent change to the npm registry url causes npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/<package-name> - You must be logged in to publish packages.

Although the url looks correct it doesn't seem to work anymore when using and NPM_AUTH_TOKEN.

Hey, It doesn't seem like "--dir" is not working with actions or am I using it wrong?

The package file is at swagger/generator/package.json

Action:

    - name: Publish
      uses: primer/publish@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        NPM_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
        args: "--dir=swagger/generator"

I have tried to put --dir=../../swagger/generator too but it doesn't do any difference.

Action Logs:

/usr/bin/docker run --name HIDDEN--label 04bb81 --workdir /github/workspace --rm -e GITHUB_TOKEN -e NPM_AUTH_TOKEN -e args -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/e-commerce-backend/e-commerce-backend":"/github/workspace" HIDDEN
user.email=HIDDEN
user.name=erictuvesson
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/erictuvesson/e-commerce-backend
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
gc.auto=0
[publish] options: {
  "dir": ".",
  "$0": "/primer-publish/cli.js"
}
[publish] npm args: []
/primer-publish/src/context.js:17
    throw new Error(`Unable to read package.json in ${path.join(process.cwd(), dir)}!`)
    ^

Error: Unable to read package.json in /github/workspace!
    at getContext (/primer-publish/src/context.js:17:11)
    at publish (/primer-publish/src/publish.js:15:10)
    at Object.<anonymous> (/primer-publish/cli.js:29:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
    at startup (internal/bootstrap/node.js:283:19)
##[error]Docker run failed with exit code 1

There are several ways to do this, but if we're going to support publishing to both npm and GPM (sorry) automatically we'll need to do one of the following:

1. Add instructions for publishing to GPM. Luckily, our entrypoint started as a copy of the one from actions/npm, so we already support custom values for NPM_REGISTRY_URL. In other words, all you should have to do is add this to your workflow:

   action "gpm publish" {
     uses = "primer/publish"
     env = {
       NPM_REGISTRY_URL = "<gpm registry url here>",
     }
     secrets = [
       "NPM_AUTH_TOKEN" # your GitHub access token w/necessary permissions
     ]
   }

2. Update this action to publish to GPM. We would need to add a level of abstraction around publishing to multiple registries, each with their own auth token. For instance: we might only publish to npm if NPM_AUTH_TOKEN is set, and/or to GPM if GPM_AUTH_TOKEN is set.

3. Write a new CLI that runs both of them, then call that from the action. In other words, every instance of npm publish becomes gpm publish here. I haven't looked yet, but this may already exist.

Similar to #10

I am using this package to publish other things to the NPM, at the moment if you try to publish without a version bump the package runs, and in the log it says something like

[publish] skipping "npm version" because "0.1.4" matches package.json
[publish] 0.1.4 is already published

It would be great if when this happened the action failed, so you know it didn't publish, and you forgot a version bump or something.

the test suite for this library needs to be updated, leaving a note so that I remember to circle back ❤️

I ran into the situation where I didn't want to publish anything on merge to master, but I did want to redeploy the docs using primer/deploy, but because the version in package.json for the package hadn't changed, the publish Action exited with a neutral status, which stopped the primer/deploy Action from running.

Is it possible to exit with a status that doesn't stop any other Actions from running? I figured that was the point of neutral statuses but I guess not!

https://github.com/primer/blueprints/runs/66380774

The issue with duplicate Actions runs is biting us here: both the canary and latest versions fail to publish on one of the builds whenever repos merge to master. It's not preventing publishing because one of the builds "wins" by getting to npm publish first, but it is causing the check runs to fail and making it hard to find the logs for the run that actually published in repos' Actions view.

I think it makes sense to double-check whether the version we're about to publish has been published, regardless of what version it is. Force-pushing, for instance, causes problems because Actions run but there's already a version published for the already-pushed commit's version (0.0.0-{sha}).